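(define-module (config mail)
  #:use-module (gnu packages mail)
  #:use-module (gnu services mail)
  #:use-module (guix gexp)
  #:use-module (gnu services)
  #:use-module (services dkim-key)
  #:export (mail-services))

;; Mail stack for one domain: a DKIM key service, OpenSMTPD for SMTP and
;; submission, and Dovecot for POP3.  TLS material is read from the
;; /etc/letsencrypt/live/DOMAIN/ directory; nothing in this module creates or
;; renews those files.

(define (key-file domain)
  "Return the path of the TLS private key for DOMAIN."
  (string-append "/etc/letsencrypt/live/" domain "/privkey.pem"))

(define (cert-file domain)
  "Return the path of the TLS certificate chain for DOMAIN."
  (string-append "/etc/letsencrypt/live/" domain "/fullchain.pem"))

(define* (opensmtpd-config #:key domain aliases dkim-selector)
  "Return a file-like object holding smtpd.conf for DOMAIN.

ALIASES is a list of two-element lists (NAME TARGET) appended to the built-in
role aliases.  DKIM-SELECTOR is passed to filter-dkimsign with -s; the signing
key is read from /etc/dkim/DOMAIN.key.

DOMAIN and DKIM-SELECTOR are spliced into the configuration text unquoted, so
they must come from the operator's own system configuration and never from
untrusted input."
  (define (format-aliases aliases)
    ;; One "name: target" line per entry.  The role addresses come first and
    ;; all end up at root, so mail to abuse@ and security@ is not dropped.
    (format #f "~:{~a: ~a\n~}\n"
            (cons* '("MAILER-DAEMON" "postmaster")
                   '("postmaster" "root")
                   '("hostmaster" "root")
                   '("webmaster" "root")
                   '("abuse" "root")
                   '("security" "root")
                   aliases)))

  ;; The literal below is the smtpd.conf text, with one directive per line
  ;; because OpenSMTPD treats a newline as the end of a directive.
  ;;
  ;; - The listener on lo accepts submission without auth (local senders
  ;;   only).  The public submission listener uses tls-require and auth, and
  ;;   only authenticated sessions match the relay rule.  The plain "tls"
  ;;   listener is opportunistic STARTTLS for inbound MX traffic.
  ;; - "alias <aliases>" points the deliver action at the table declared by
  ;;   "table aliases"; the alias option takes a table reference.
  ;; - NOTE(review): max-message-size is 1G, so one session can spool up to
  ;;   that much.  Confirm the queue filesystem is sized for it.
  ;; - NOTE(review): filter-dkimsign has to be able to read
  ;;   /etc/dkim/DOMAIN.key.  Confirm the key's owner and mode keep it
  ;;   unreadable for other users.
  (mixed-text-file "smtpd.conf" "\
smtp max-message-size \"1G\"

table aliases file:" (mixed-text-file "aliases" (format-aliases aliases)) "

pki " domain " cert \"" (cert-file domain) "\"
pki " domain " key \"" (key-file domain) "\"

filter \"dkimsign\" proc-exec \""
(file-append opensmtpd-filter-dkimsign "/libexec/opensmtpd/filter-dkimsign")
" -d " domain " -s " dkim-selector " -k /etc/dkim/" domain ".key\"

listen on lo port submission mask-src filter \"dkimsign\"
listen on " domain " tls hostname " domain " pki " domain "
listen on " domain " port submission tls-require hostname " domain " pki " domain " auth mask-src filter \"dkimsign\"

action \"deliver\" maildir \"%{user.directory}/mail\" alias <aliases>
action \"relay\" relay

match from any for domain " domain " action \"deliver\"
match from any auth for any action \"relay\"
"))

(define* (mail-services #:key domain aliases dkim-selector)
  "Return the list of services that make up the mail stack for DOMAIN:
the DKIM key service, OpenSMTPD and Dovecot.  ALIASES and DKIM-SELECTOR are
passed through to opensmtpd-config; DKIM-SELECTOR also configures the DKIM
key service."
  (list
   (service dkim-key-service-type
            (dkim-key-configuration
             (domain domain)
             (selector dkim-selector)))
   (service opensmtpd-service-type
            (opensmtpd-configuration
             (shepherd-requirement '(networking))
             (config-file (opensmtpd-config #:domain domain
                                            #:aliases aliases
                                            #:dkim-selector dkim-selector))))
   (service dovecot-service-type
            (dovecot-configuration
             (mail-location "maildir:~/mail")
             ;; The leading "<" makes Dovecot read the value from the named
             ;; file instead of treating the string as the PEM data itself.
             (ssl-cert (string-append "<" (cert-file domain)))
             (ssl-key (string-append "<" (key-file domain)))
             (protocols
              (list (protocol-configuration (name "pop3"))))
             (services
              (list (service-configuration
                     (kind "pop3-login")
                     (listeners
                      ;; Disable TLS-only port.
                      ;; Port 0 switches the implicit-TLS pop3s listener off.
                      ;; NOTE(review): POP3 clients then depend on STARTTLS on
                      ;; the plain pop3 listener.  Confirm the effective
                      ;; Dovecot settings require TLS before authentication.
                      (list (inet-listener-configuration
                             (protocol "pop3s")
                             (port 0)))))))))))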